STARBUCKS says the incident involved phishing attacks targeting an employee portal and was detected on February 6, with unauthorized access to Starbucks Partner Central accounts. Hackers accessed these accounts after obtaining user credentials through fake websites designed to mimic the portal.
According to a data breach notification filed with the Maine Attorney General’s Office, the personal information accessed may have included name, social security number, date of birth, and financial account number and routing number. The notification states the unauthorized access occurred between January 19 and February 11, and the incident affects nearly 900 Starbucks employees. Law enforcement has been informed, and affected employees are being offered free identity protection services.
Starbucks emphasises that its systems and networks were not directly targeted and that Partner Central is used by employees to manage personal information, payroll, and benefits data. according to the Maine Attorney General’s Office.